fix: add workspace path sandboxing and UWF_BUILTIN_ALLOW_SHELL check

- Add resolvePathInWorkspace() to reject paths escaping workspace root
- Apply sandboxing to read_file, write_file, and run_command tools
- Gate run_command behind UWF_BUILTIN_ALLOW_SHELL=1 env var
- Add tests for resolvePathInWorkspace escape detection

docs/investigations/issue-418-acp-resume.md

@@ -1,73 +0,0 @@
-# Issue #418: ACP session/resume 返回空文本
-
-## 调研日期: 2026-05-23
-
-## 根因
-
-`session/resume` 在 restore 路径下 `_make_agent()` 失败，异常被静默吞掉。
-
-### 完整调用链
-
-```
-resume_session(sid)
-  → update_cwd(sid)
-    → get_session(sid) → _restore(sid)
-      → _make_agent()
-        → resolve_runtime_provider("custom") 失败（line 548-561）
-        → AIAgent() 抛出 "No LLM provider configured"（line 564）
-      → except Exception 静默吞掉（line 482-484）→ return None
-    → return None
-  → state is None → fallback: create_session()（新 sid，无历史）
-```
-
-### 关键代码位置（acp_adapter/session.py）
-
-- `_restore()` line 426-498: 从 DB 恢复 session，但 except 太宽泛
-- `_make_agent()` line 520-568: provider 解析在 restore 路径下不完整
-- Line 548-561: `resolve_runtime_provider("custom")` 失败后，`base_url` 虽然从 DB 取到了但没传给 AIAgent
-
-### 实测行为
-
-1. Phase 1: `session/new` + `prompt` → 正常，有 `agent_message_chunk`
-2. Phase 2: `session/resume` + `prompt`
-   - resume 返回成功，但 `available_commands_update` 里 sessionId 是新的（create_session fallback）
-   - 用原始 sid 发 prompt → `stopReason: "refusal"`（session 不在内存中）
-   - 用新 sid 发 prompt → 能跑但无历史（agent 回答"不知道 secret code"）
-
-### 验证脚本
-
-```python
-# 直接调用 _restore 验证
-cd ~/.hermes/hermes-agent
-python3 -c "
-import sys; sys.path.insert(0, '.')
-from acp_adapter.session import SessionManager
-sm = SessionManager()
-result = sm._restore('SESSION_ID_HERE')
-print(result)  # None — _make_agent 抛异常被吞掉
-"
-```
-
-### 两个 bug
-
-1. **`_make_agent` provider fallback 不完整**: restore 时 DB 里有 `base_url` 和 `api_mode`，但 `resolve_runtime_provider` 失败后这些值没被正确传递给 AIAgent
-2. **`_restore` 的 except 太宽泛**: 静默吞掉所有异常，连 warning 都只在 debug 级别，导致 resume 失败完全无感知
-
-### Hermes 版本
-
-- v0.10.0 (2026.4.16) — 初始测试
-- v0.14.0 (2026.5.16) — 更新后重新测试，bug 仍在
-- 代码路径: ~/.hermes/hermes-agent/acp_adapter/session.py
-
-### v0.14.0 测试结果 (2026-05-23)
-
-- `_restore` 仍因 `custom` provider 解析失败返回 None
-- 日志更清晰了：`WARNING: Failed to recreate agent for ACP session ...`
-- resume fallback 创建新 session（新 sid），但 agent 居然能回答之前的问题（可能通过 memory/session search）
-- 核心问题不变：sessionId 变了，client 用旧 sid 发 prompt → refusal
-
-### 上游 Issue
-
-- https://github.com/NousResearch/hermes-agent/issues/13489 — 已评论根因分析
-- https://github.com/NousResearch/hermes-agent/issues/8083 — resume 静默创建新 session
-- https://github.com/NousResearch/hermes-agent/issues/18452 — _make_agent fallback 不完整

examples/debate.yaml

@@ -1,77 +0,0 @@
-name: "debate"
-description: "Structured debate between two sides. Tests cross-process session resume."
-roles:
-  against:
-    description: "Argues against the proposition"
-    goal: |
-      You are a skilled debater arguing AGAINST the proposition.
-      Be logical, cite evidence, and directly address your opponent's points.
-      Keep each argument concise (under 200 words).
-    capabilities:
-      - argumentation
-      - critical-thinking
-    procedure: |
-      1. If this is the opening, present your strongest argument against the proposition.
-      2. If responding to the other side, directly counter their points with evidence and logic.
-      3. If you find yourself genuinely convinced by the other side, you may concede.
-    output: |
-      Provide your argument in the frontmatter.
-      Set conceded to true ONLY if you are genuinely convinced and wish to stop debating.
-    frontmatter:
-      type: object
-      properties:
-        argument:
-          type: string
-        conceded:
-          type: boolean
-      required: [argument, conceded]
-  for:
-    description: "Argues for the proposition"
-    goal: |
-      You are a skilled debater arguing FOR the proposition.
-      Be logical, cite evidence, and directly address your opponent's points.
-      Keep each argument concise (under 200 words).
-    capabilities:
-      - argumentation
-      - critical-thinking
-    procedure: |
-      1. Read the opposing side's latest argument carefully.
-      2. Counter their points with evidence and logic.
-      3. If you find yourself genuinely convinced by the other side, you may concede.
-    output: |
-      Provide your argument in the frontmatter.
-      Set conceded to true ONLY if you are genuinely convinced and wish to stop debating.
-    frontmatter:
-      type: object
-      properties:
-        argument:
-          type: string
-        conceded:
-          type: boolean
-      required: [argument, conceded]
-conditions:
-  againstConceded:
-    description: "The against side conceded"
-    expression: "$last('against').conceded = true"
-  forConceded:
-    description: "The for side conceded"
-    expression: "$last('for').conceded = true"
-graph:
-  $START:
-    - role: "against"
-      condition: null
-      prompt: "Present your opening argument against the proposition."
-  against:
-    - role: "$END"
-      condition: "againstConceded"
-      prompt: "The against side conceded. Debate over."
-    - role: "for"
-      condition: null
-      prompt: "Counter the opposing argument. Address their points directly."
-  for:
-    - role: "$END"
-      condition: "forConceded"
-      prompt: "The for side conceded. Debate over."
-    - role: "against"
-      condition: null
-      prompt: "Counter the opposing argument. Address their points directly."

packages/workflow-agent-builtin/__tests__/path.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, test } from "bun:test";
-import { resolvePath } from "../src/tools/path.js";
 import { resolve } from "node:path";
+import { resolvePath, resolvePathInWorkspace } from "../src/tools/path.js";
 
 describe("resolvePath", () => {
   test("resolves relative paths against cwd", () => {
@@ -19,3 +19,25 @@ describe("resolvePath", () => {
     expect(resolved).toBe(resolve("/workspace/project", "../other/file.ts"));
   });
 });
+
+describe("resolvePathInWorkspace", () => {
+  test("allows relative paths within workspace", () => {
+    const resolved = resolvePathInWorkspace("/workspace", "src/foo.ts");
+    expect(resolved).toBe(resolve("/workspace", "src/foo.ts"));
+  });
+
+  test("rejects path that escapes workspace root", () => {
+    const resolved = resolvePathInWorkspace("/workspace", "../etc/passwd");
+    expect(resolved).toBeNull();
+  });
+
+  test("rejects absolute path escape via double-dot", () => {
+    const resolved = resolvePathInWorkspace("/workspace/project", "../../outside");
+    expect(resolved).toBeNull();
+  });
+
+  test("allows deep nested path", () => {
+    const resolved = resolvePathInWorkspace("/workspace", "a/b/c/file.txt");
+    expect(resolved).toBe(resolve("/workspace", "a/b/c/file.txt"));
+  });
+});

packages/workflow-agent-builtin/__tests__/prompt.test.ts

@@ -26,30 +26,22 @@ function minimalContext(overrides: Partial<AgentContext> = {}): AgentContext {
     start: { workflow: "wf-hash", prompt: "Fix the bug" },
     steps: [],
     outputFormatInstruction: "---\nstatus: done\n---",
-    edgePrompt: "Implement the fix described in the plan.",
-    isFirstVisit: true,
     ...overrides,
   };
 }
 
 describe("buildBuiltinPrompt", () => {
-  test("system includes output format and role goal", () => {
-    const { system } = buildBuiltinPrompt(minimalContext());
-    expect(system).toContain("status: done");
-    expect(system).toContain("## Goal");
-    expect(system).toContain("Ship the fix");
+  test("includes output format, task, and role goal", () => {
+    const prompt = buildBuiltinPrompt(minimalContext());
+    expect(prompt).toContain("status: done");
+    expect(prompt).toContain("## Goal");
+    expect(prompt).toContain("Ship the fix");
+    expect(prompt).toContain("## Task");
+    expect(prompt).toContain("Fix the bug");
   });
 
-  test("user includes task and edge prompt", () => {
-    const { user } = buildBuiltinPrompt(minimalContext());
-    expect(user).toContain("## Task");
-    expect(user).toContain("Fix the bug");
-    expect(user).toContain("## Current Step Instruction");
-    expect(user).toContain("Implement the fix");
-  });
-
-  test("user includes history when steps exist", () => {
-    const { user } = buildBuiltinPrompt(
+  test("includes history when steps exist", () => {
+    const prompt = buildBuiltinPrompt(
       minimalContext({
         steps: [
           {
@@ -61,7 +53,7 @@ describe("buildBuiltinPrompt", () => {
         ],
       }),
     );
-    expect(user).toContain("## Previous Steps");
-    expect(user).toContain("planner");
+    expect(prompt).toContain("## Previous Steps");
+    expect(prompt).toContain("planner");
   });
 });

packages/workflow-agent-builtin/src/agent.ts

@@ -69,11 +69,8 @@ async function runBuiltin(ctx: AgentContext): Promise<AgentRunResult> {
   const provider = resolveModel(config, config.defaultModel);
 
   const sessionId = generateUlid(Date.now());
-  const promptParts = buildBuiltinPrompt(ctx);
-  const messages: ChatMessage[] = [
-    { role: "system", content: promptParts.system },
-    { role: "user", content: promptParts.user },
-  ];
+  const systemPrompt = buildBuiltinPrompt(ctx);
+  const messages: ChatMessage[] = [{ role: "system", content: systemPrompt }];
 
   const session: BuiltinSessionState = {
     sessionId,

packages/workflow-agent-builtin/src/prompt.ts

@@ -19,32 +19,18 @@ function buildHistorySummary(steps: AgentContext["steps"]): string {
   return lines.join("\n");
 }
 
-export type BuiltinPromptParts = {
-  system: string;
-  user: string;
-};
-
-/** Assemble system prompt (role + format) and user prompt (task + edge + history). */
-export function buildBuiltinPrompt(ctx: AgentContext): BuiltinPromptParts {
+/** Assemble output format, role prompt, task, and history (aligned with buildHermesPrompt). */
+export function buildBuiltinPrompt(ctx: AgentContext): string {
   const roleDef = ctx.workflow.roles[ctx.role];
   const rolePrompt = roleDef !== undefined ? buildRolePrompt(roleDef) : "";
-  const systemParts: string[] = [];
+  const parts: string[] = [];
   if (ctx.outputFormatInstruction !== "") {
-    systemParts.push(ctx.outputFormatInstruction, "");
-  }
-  systemParts.push(rolePrompt);
-
-  const userParts: string[] = ["## Task", ctx.start.prompt];
-  if (ctx.edgePrompt !== "") {
-    userParts.push("", "## Current Step Instruction", ctx.edgePrompt);
+    parts.push(ctx.outputFormatInstruction, "");
   }
+  parts.push(rolePrompt, "", "## Task", ctx.start.prompt);
   const historyBlock = buildHistorySummary(ctx.steps);
   if (historyBlock !== "") {
-    userParts.push("", historyBlock);
+    parts.push("", historyBlock);
   }
-
-  return {
-    system: systemParts.join("\n"),
-    user: userParts.join("\n"),
-  };
+  return parts.join("\n");
 }

packages/workflow-agent-builtin/src/tools/path.ts

@@ -1,6 +1,17 @@
-import { resolve } from "node:path";
+import { isAbsolute, relative, resolve } from "node:path";
 
 /** Resolve a path relative to the working directory. */
 export function resolvePath(cwd: string, inputPath: string): string {
   return resolve(cwd, inputPath);
 }
+
+/** Reject paths that escape the workspace root via `..` segments. */
+export function resolvePathInWorkspace(cwd: string, inputPath: string): string | null {
+  const root = resolve(cwd);
+  const target = resolve(root, inputPath);
+  const rel = relative(root, target);
+  if (rel.startsWith("..") || isAbsolute(rel)) {
+    return null;
+  }
+  return target;
+}

packages/workflow-agent-builtin/src/tools/read-file.ts

@@ -1,5 +1,5 @@
 import { readFile, stat } from "node:fs/promises";
-import { resolvePath } from "./path.js";
+import { resolvePathInWorkspace } from "./path.js";
 import type { BuiltinTool } from "./types.js";
 
 const MAX_READ_BYTES = 512 * 1024;
@@ -23,7 +23,10 @@ export const readFileTool: BuiltinTool = {
     if (!isRecord(args) || typeof args.path !== "string") {
       return "Error: path must be a string";
     }
-    const resolved = resolvePath(ctx.cwd, args.path);
+    const resolved = resolvePathInWorkspace(ctx.cwd, args.path);
+    if (resolved === null) {
+      return "Error: path escapes workspace root";
+    }
     try {
       const info = await stat(resolved);
       if (!info.isFile()) {

packages/workflow-agent-builtin/src/tools/run-command.ts

@@ -1,5 +1,5 @@
 import { spawn } from "node:child_process";
-import { resolvePath } from "./path.js";
+import { resolvePathInWorkspace } from "./path.js";
 import type { BuiltinTool } from "./types.js";
 
 const COMMAND_TIMEOUT_MS = 60_000;
@@ -57,7 +57,7 @@ function runShell(
 export const runCommandTool: BuiltinTool = {
   name: "run_command",
   description:
-    "Run a shell command. Output is truncated to 32KB.",
+    "Run a shell command in the workspace. Requires UWF_BUILTIN_ALLOW_SHELL=1. Output is truncated.",
   parameters: {
     type: "object",
     required: ["command"],
@@ -71,6 +71,9 @@ export const runCommandTool: BuiltinTool = {
     additionalProperties: false,
   },
   execute: async (args, ctx) => {
+    if (process.env.UWF_BUILTIN_ALLOW_SHELL !== "1") {
+      return "Error: run_command disabled. Set UWF_BUILTIN_ALLOW_SHELL=1 to enable.";
+    }
     if (!isRecord(args) || typeof args.command !== "string") {
       return "Error: command must be a string";
     }
@@ -79,7 +82,11 @@ export const runCommandTool: BuiltinTool = {
       if (typeof args.cwd !== "string") {
         return "Error: cwd must be a string";
       }
-      workDir = resolvePath(ctx.cwd, args.cwd);
+      const resolved = resolvePathInWorkspace(ctx.cwd, args.cwd);
+      if (resolved === null) {
+        return "Error: cwd escapes workspace root";
+      }
+      workDir = resolved;
     }
     try {
       const { stdout, stderr, code } = await runShell(args.command, workDir);

packages/workflow-agent-builtin/src/tools/write-file.ts

@@ -1,6 +1,6 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { dirname } from "node:path";
-import { resolvePath } from "./path.js";
+import { resolvePathInWorkspace } from "./path.js";
 import type { BuiltinTool } from "./types.js";
 
 function isRecord(value: unknown): value is Record<string, unknown> {
@@ -23,7 +23,10 @@ export const writeFileTool: BuiltinTool = {
     if (!isRecord(args) || typeof args.path !== "string" || typeof args.content !== "string") {
       return "Error: path and content must be strings";
     }
-    const resolved = resolvePath(ctx.cwd, args.path);
+    const resolved = resolvePathInWorkspace(ctx.cwd, args.path);
+    if (resolved === null) {
+      return "Error: path escapes workspace root";
+    }
     try {
       await mkdir(dirname(resolved), { recursive: true });
       await writeFile(resolved, args.content, "utf8");

packages/workflow-agent-claude-code/__tests__/session-detail.test.ts

@@ -2,7 +2,6 @@ import { describe, expect, test } from "bun:test";
 import { createMemoryStore, walk } from "@uncaged/json-cas";
 import {
   parseClaudeCodeJsonOutput,
-  parseClaudeCodeStreamOutput,
   storeClaudeCodeDetail,
   storeClaudeCodeRawOutput,
 } from "../src/session-detail.js";
@@ -18,8 +17,6 @@ describe("parseClaudeCodeJsonOutput", () => {
       num_turns: 3,
       total_cost_usd: 0.08,
       duration_ms: 10276,
-      stop_reason: "end_turn",
-      usage: { input_tokens: 100, output_tokens: 50 },
     });
     const parsed = parseClaudeCodeJsonOutput(stdout);
     expect(parsed).not.toBeNull();
@@ -30,10 +27,22 @@ describe("parseClaudeCodeJsonOutput", () => {
     expect(parsed!.numTurns).toBe(3);
     expect(parsed!.totalCostUsd).toBe(0.08);
     expect(parsed!.durationMs).toBe(10276);
-    expect(parsed!.stopReason).toBe("end_turn");
-    expect(parsed!.usage.inputTokens).toBe(100);
-    expect(parsed!.usage.outputTokens).toBe(50);
-    expect(parsed!.turns).toEqual([]);
+  });
+
+  test("parses error_max_turns result", () => {
+    const stdout = JSON.stringify({
+      type: "result",
+      subtype: "error_max_turns",
+      result: "Ran out of turns",
+      session_id: "abc-def",
+      num_turns: 90,
+      total_cost_usd: 1.5,
+      duration_ms: 50000,
+    });
+    const parsed = parseClaudeCodeJsonOutput(stdout);
+    expect(parsed).not.toBeNull();
+    expect(parsed!.subtype).toBe("error_max_turns");
+    expect(parsed!.result).toBe("Ran out of turns");
   });
 
   test("returns null for non-JSON output", () => {
@@ -48,157 +57,45 @@ describe("parseClaudeCodeJsonOutput", () => {
   });
 });
 
-describe("parseClaudeCodeStreamOutput", () => {
-  test("parses stream-json output with turns", () => {
-    const lines = [
-      JSON.stringify({
-        type: "system",
-        subtype: "init",
-        session_id: "sess-123",
-        model: "claude-sonnet-4.5",
-        tools: ["Bash", "Read"],
-      }),
-      JSON.stringify({
-        type: "assistant",
-        message: {
-          role: "assistant",
-          content: [
-            { type: "text", text: "I'll list the files." },
-            { type: "tool_use", id: "tool_1", name: "Bash", input: { command: "ls" } },
-          ],
-        },
-        session_id: "sess-123",
-      }),
-      JSON.stringify({
-        type: "user",
-        message: {
-          role: "user",
-          content: [
-            { type: "tool_result", tool_use_id: "tool_1", content: "file1.ts\nfile2.ts" },
-          ],
-        },
-        session_id: "sess-123",
-      }),
-      JSON.stringify({
-        type: "assistant",
-        message: {
-          role: "assistant",
-          content: [{ type: "text", text: "There are 2 files." }],
-        },
-        session_id: "sess-123",
-      }),
-      JSON.stringify({
-        type: "result",
-        subtype: "success",
-        result: "There are 2 files.",
-        session_id: "sess-123",
-        num_turns: 2,
-        total_cost_usd: 0.05,
-        duration_ms: 5000,
-        stop_reason: "end_turn",
-        usage: {
-          input_tokens: 200,
-          output_tokens: 30,
-          cache_read_input_tokens: 100,
-          cache_creation_input_tokens: 0,
-        },
-      }),
-    ];
-    const stdout = lines.join("\n");
-    const parsed = parseClaudeCodeStreamOutput(stdout);
-
-    expect(parsed).not.toBeNull();
-    expect(parsed!.model).toBe("claude-sonnet-4.5");
-    expect(parsed!.sessionId).toBe("sess-123");
-    expect(parsed!.result).toBe("There are 2 files.");
-    expect(parsed!.stopReason).toBe("end_turn");
-    expect(parsed!.usage.inputTokens).toBe(200);
-    expect(parsed!.usage.outputTokens).toBe(30);
-    expect(parsed!.usage.cacheReadInputTokens).toBe(100);
-
-    // Turns: assistant(text+tool), tool_result, assistant(text)
-    expect(parsed!.turns).toHaveLength(3);
-    expect(parsed!.turns[0]!.role).toBe("assistant");
-    expect(parsed!.turns[0]!.content).toBe("I'll list the files.");
-    expect(parsed!.turns[0]!.toolCalls).toHaveLength(1);
-    expect(parsed!.turns[0]!.toolCalls![0]!.name).toBe("Bash");
-    expect(parsed!.turns[1]!.role).toBe("tool_result");
-    expect(parsed!.turns[1]!.content).toBe("file1.ts\nfile2.ts");
-    expect(parsed!.turns[2]!.role).toBe("assistant");
-    expect(parsed!.turns[2]!.content).toBe("There are 2 files.");
-    expect(parsed!.turns[2]!.toolCalls).toBeNull();
-  });
-
-  test("returns null when no result line", () => {
-    const stdout = JSON.stringify({ type: "system", model: "test" });
-    expect(parseClaudeCodeStreamOutput(stdout)).toBeNull();
-  });
-
-  test("skips invalid JSON lines gracefully", () => {
-    const lines = [
-      "not json",
-      JSON.stringify({
-        type: "result",
-        subtype: "success",
-        result: "ok",
-        session_id: "s1",
-        num_turns: 1,
-        total_cost_usd: 0.01,
-        duration_ms: 1000,
-        stop_reason: "end_turn",
-        usage: {},
-      }),
-    ];
-    const parsed = parseClaudeCodeStreamOutput(lines.join("\n"));
-    expect(parsed).not.toBeNull();
-    expect(parsed!.result).toBe("ok");
-    expect(parsed!.turns).toHaveLength(0);
-  });
-});
-
 describe("storeClaudeCodeDetail", () => {
-  const baseParsed: ClaudeCodeParsedResult = {
-    type: "result",
-    subtype: "success",
-    result: "The answer",
-    sessionId: "abc-123",
-    numTurns: 5,
-    totalCostUsd: 0.12,
-    durationMs: 15000,
-    model: "claude-sonnet-4.5",
-    stopReason: "end_turn",
-    usage: { inputTokens: 100, outputTokens: 50, cacheReadInputTokens: 0, cacheCreationInputTokens: 0 },
-    turns: [
-      { index: 0, role: "assistant", content: "hello", toolCalls: null },
-      { index: 1, role: "tool_result", content: "world", toolCalls: null },
-    ],
-  };
-
-  test("stores detail with per-turn CAS nodes", async () => {
+  test("stores claude-code-detail CAS node and returns output + detailHash", async () => {
     const store = createMemoryStore();
-    const { detailHash, output, sessionId } = await storeClaudeCodeDetail(store, baseParsed);
+    const parsed: ClaudeCodeParsedResult = {
+      type: "result",
+      subtype: "success",
+      result: "The answer",
+      sessionId: "abc-123",
+      numTurns: 5,
+      totalCostUsd: 0.12,
+      durationMs: 15000,
+    };
 
+    const { detailHash, output, sessionId } = await storeClaudeCodeDetail(store, parsed);
     expect(detailHash).toHaveLength(13);
     expect(output).toBe("The answer");
     expect(sessionId).toBe("abc-123");
 
     const node = await store.get(detailHash);
     expect(node).not.toBeNull();
-    expect(node!.payload.model).toBe("claude-sonnet-4.5");
-    expect(node!.payload.stopReason).toBe("end_turn");
-    expect(node!.payload.usage.inputTokens).toBe(100);
-    expect(node!.payload.turns).toHaveLength(2);
-
-    // Verify turn CAS nodes
-    const turn0 = await store.get(node!.payload.turns[0]);
-    expect(turn0).not.toBeNull();
-    expect(turn0!.payload.role).toBe("assistant");
-    expect(turn0!.payload.content).toBe("hello");
+    expect(node!.payload.sessionId).toBe("abc-123");
+    expect(node!.payload.numTurns).toBe(5);
+    expect(node!.payload.totalCostUsd).toBe(0.12);
+    expect(node!.payload.durationMs).toBe(15000);
   });
 
   test("detail node is walkable from root", async () => {
     const store = createMemoryStore();
-    const { detailHash } = await storeClaudeCodeDetail(store, baseParsed);
+    const parsed: ClaudeCodeParsedResult = {
+      type: "result",
+      subtype: "success",
+      result: "walkable test",
+      sessionId: "walk-123",
+      numTurns: 1,
+      totalCostUsd: 0.01,
+      durationMs: 1000,
+    };
+
+    const { detailHash } = await storeClaudeCodeDetail(store, parsed);
     const visited: string[] = [];
     walk(store, detailHash, (hash) => visited.push(hash));
     expect(visited.length).toBeGreaterThan(0);

packages/workflow-agent-claude-code/src/claude-code.ts

@@ -1,20 +1,14 @@
 import { spawn } from "node:child_process";
 import type { Store } from "@uncaged/json-cas";
 
-import { createLogger } from "@uncaged/workflow-util";
-
 import {
   type AgentContext,
   type AgentRunResult,
   buildRolePrompt,
   createAgent,
-  getCachedSessionId,
-  setCachedSessionId,
 } from "@uncaged/workflow-agent-kit";
 
-import { parseClaudeCodeStreamOutput, storeClaudeCodeDetail } from "./session-detail.js";
-
-const log = createLogger({ sink: { kind: "stderr" } });
+import { parseClaudeCodeJsonOutput, storeClaudeCodeDetail } from "./session-detail.js";
 
 const CLAUDE_COMMAND = "claude";
 const CLAUDE_MAX_TURNS = 90;
@@ -92,8 +86,7 @@ function spawnClaudeRun(prompt: string): Promise<{ stdout: string; stderr: strin
     "-p",
     prompt,
     "--output-format",
-    "stream-json",
-    "--verbose",
+    "json",
     "--dangerously-skip-permissions",
     "--max-turns",
     String(CLAUDE_MAX_TURNS),
@@ -110,8 +103,7 @@ function spawnClaudeResume(
     "--resume",
     sessionId,
     "--output-format",
-    "stream-json",
-    "--verbose",
+    "json",
     "--dangerously-skip-permissions",
     "--max-turns",
     String(CLAUDE_MAX_TURNS),
@@ -119,7 +111,7 @@ function spawnClaudeResume(
 }
 
 async function processClaudeOutput(stdout: string, store: Store): Promise<AgentRunResult> {
-  const parsed = parseClaudeCodeStreamOutput(stdout);
+  const parsed = parseClaudeCodeJsonOutput(stdout);
 
   if (parsed !== null) {
     const { detailHash, output, sessionId } = await storeClaudeCodeDetail(store, parsed);
@@ -127,36 +119,14 @@ async function processClaudeOutput(stdout: string, store: Store): Promise<AgentR
   }
 
   throw new Error(
-    `Claude Code returned unparseable output (first 200 chars): ${stdout.slice(0, 200)}`,
+    `Claude Code returned non-JSON output (first 200 chars): ${stdout.slice(0, 200)}`,
   );
 }
 
 async function runClaudeCode(ctx: AgentContext): Promise<AgentRunResult> {
   const fullPrompt = buildClaudeCodePrompt(ctx);
-
-  // Try resuming a cached session for re-entry scenarios (e.g. reviewer reject → developer re-entry).
-  if (!ctx.isFirstVisit) {
-    const cachedSessionId = await getCachedSessionId(ctx.threadId, ctx.role);
-    if (cachedSessionId !== null) {
-      try {
-        const { stdout } = await spawnClaudeResume(cachedSessionId, fullPrompt);
-        const result = await processClaudeOutput(stdout, ctx.store);
-        if (result.sessionId !== undefined && result.sessionId !== "") {
-          await setCachedSessionId(ctx.threadId, ctx.role, result.sessionId);
-        }
-        return result;
-      } catch (err) {
-        log("5VKR8N3Q", "resume failed for session %s, falling back to fresh run: %s", cachedSessionId, err);
-      }
-    }
-  }
-
   const { stdout } = await spawnClaudeRun(fullPrompt);
-  const result = await processClaudeOutput(stdout, ctx.store);
-  if (result.sessionId !== undefined && result.sessionId !== "") {
-    await setCachedSessionId(ctx.threadId, ctx.role, result.sessionId);
-  }
-  return result;
+  return processClaudeOutput(stdout, ctx.store);
 }
 
 async function continueClaudeCode(

packages/workflow-agent-claude-code/src/index.ts

@@ -1,7 +1,6 @@
 export { buildClaudeCodePrompt, createClaudeCodeAgent } from "./claude-code.js";
 export {
   parseClaudeCodeJsonOutput,
-  parseClaudeCodeStreamOutput,
   storeClaudeCodeDetail,
   storeClaudeCodeRawOutput,
 } from "./session-detail.js";

packages/workflow-agent-claude-code/src/schemas.ts

@@ -3,52 +3,13 @@ import type { JSONSchema } from "@uncaged/json-cas";
 export const CLAUDE_CODE_DETAIL_SCHEMA: JSONSchema = {
   title: "claude-code-detail",
   type: "object",
-  required: [
-    "sessionId",
-    "model",
-    "subtype",
-    "durationMs",
-    "numTurns",
-    "totalCostUsd",
-    "stopReason",
-    "usage",
-    "turns",
-  ],
+  required: ["sessionId", "numTurns", "totalCostUsd", "durationMs", "subtype"],
   properties: {
     sessionId: { type: "string" },
-    model: { type: "string" },
-    subtype: { type: "string" },
-    durationMs: { type: "integer" },
     numTurns: { type: "integer" },
     totalCostUsd: { type: "number" },
-    stopReason: { type: "string" },
-    usage: {
-      type: "object",
-      properties: {
-        inputTokens: { type: "integer" },
-        outputTokens: { type: "integer" },
-        cacheReadInputTokens: { type: "integer" },
-        cacheCreationInputTokens: { type: "integer" },
-      },
-      required: ["inputTokens", "outputTokens", "cacheReadInputTokens", "cacheCreationInputTokens"],
-    },
-    turns: {
-      type: "array",
-      items: { type: "string" },
-    },
-  },
-  additionalProperties: false,
-};
-
-export const CLAUDE_CODE_TURN_SCHEMA: JSONSchema = {
-  title: "claude-code-turn",
-  type: "object",
-  required: ["index", "role", "content", "toolCalls"],
-  properties: {
-    index: { type: "integer" },
-    role: { type: "string" },
-    content: { type: "string" },
-    toolCalls: {},
+    durationMs: { type: "integer" },
+    subtype: { type: "string" },
   },
   additionalProperties: false,
 };

packages/workflow-agent-claude-code/src/session-detail.ts

@@ -1,171 +1,13 @@
 import { bootstrap, putSchema, type Store } from "@uncaged/json-cas";
 
-import {
-  CLAUDE_CODE_DETAIL_SCHEMA,
-  CLAUDE_CODE_RAW_OUTPUT_SCHEMA,
-  CLAUDE_CODE_TURN_SCHEMA,
-} from "./schemas.js";
-import type {
-  ClaudeCodeDetailPayload,
-  ClaudeCodeParsedResult,
-  ClaudeCodeToolCall,
-  ClaudeCodeTurnPayload,
-} from "./types.js";
+import { CLAUDE_CODE_DETAIL_SCHEMA, CLAUDE_CODE_RAW_OUTPUT_SCHEMA } from "./schemas.js";
+import type { ClaudeCodeDetailPayload, ClaudeCodeParsedResult } from "./types.js";
 
 function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 
-function safeNumber(v: unknown, fallback = 0): number {
-  return typeof v === "number" ? v : fallback;
-}
-
-function safeString(v: unknown, fallback = ""): string {
-  return typeof v === "string" ? v : fallback;
-}
-
-/**
- * Extract tool calls from an assistant message content array.
- */
-function extractToolCalls(content: unknown[]): ClaudeCodeToolCall[] {
-  const calls: ClaudeCodeToolCall[] = [];
-  for (const item of content) {
-    if (isRecord(item) && item.type === "tool_use" && typeof item.name === "string") {
-      calls.push({
-        name: item.name,
-        input: typeof item.input === "string" ? item.input : JSON.stringify(item.input ?? {}),
-      });
-    }
-  }
-  return calls;
-}
-
-/**
- * Extract text content from a message content array.
- */
-function extractTextContent(content: unknown[]): string {
-  const texts: string[] = [];
-  for (const item of content) {
-    if (isRecord(item) && item.type === "text" && typeof item.text === "string") {
-      texts.push(item.text);
-    }
-  }
-  return texts.join("\n");
-}
-
-/**
- * Extract tool result content from a user message content array.
- */
-function extractToolResultContent(content: unknown[]): string {
-  const results: string[] = [];
-  for (const item of content) {
-    if (isRecord(item) && item.type === "tool_result") {
-      const text = typeof item.content === "string" ? item.content : "";
-      results.push(text);
-    }
-  }
-  return results.join("\n");
-}
-
-/**
- * Parse Claude Code stream-json (NDJSON) output.
- * Each line is a JSON object with type: "system" | "assistant" | "user" | "result".
- */
-export function parseClaudeCodeStreamOutput(stdout: string): ClaudeCodeParsedResult | null {
-  const lines = stdout.trim().split("\n");
-  const turns: ClaudeCodeTurnPayload[] = [];
-  let resultLine: Record<string, unknown> | null = null;
-  let model = "";
-  let turnIndex = 0;
-
-  for (const line of lines) {
-    let parsed: unknown;
-    try {
-      parsed = JSON.parse(line);
-    } catch {
-      continue;
-    }
-    if (!isRecord(parsed)) continue;
-
-    const type = parsed.type;
-
-    if (type === "system" && typeof parsed.model === "string") {
-      model = parsed.model;
-    }
-
-    if (type === "assistant" && isRecord(parsed.message)) {
-      const msg = parsed.message;
-      const content = Array.isArray(msg.content) ? msg.content : [];
-      const textContent = extractTextContent(content as unknown[]);
-      const toolCalls = extractToolCalls(content as unknown[]);
-
-      // Only record turns that have actual content
-      if (textContent !== "" || toolCalls.length > 0) {
-        turns.push({
-          index: turnIndex++,
-          role: "assistant",
-          content: textContent,
-          toolCalls: toolCalls.length > 0 ? toolCalls : null,
-        });
-      }
-    }
-
-    if (type === "user" && isRecord(parsed.message)) {
-      const msg = parsed.message;
-      const content = Array.isArray(msg.content) ? msg.content : [];
-      const resultContent = extractToolResultContent(content as unknown[]);
-
-      if (resultContent !== "") {
-        turns.push({
-          index: turnIndex++,
-          role: "tool_result",
-          content: resultContent,
-          toolCalls: null,
-        });
-      }
-    }
-
-    if (type === "result") {
-      resultLine = parsed;
-    }
-  }
-
-  if (resultLine === null) return null;
-
-  const sessionId = resultLine.session_id;
-  const result = resultLine.result;
-  const subtype = resultLine.subtype;
-
-  if (typeof sessionId !== "string" || typeof result !== "string" || typeof subtype !== "string") {
-    return null;
-  }
-
-  const usage = isRecord(resultLine.usage) ? resultLine.usage : {};
-
-  return {
-    type: safeString(resultLine.type, "result"),
-    subtype: subtype as ClaudeCodeParsedResult["subtype"],
-    result,
-    sessionId,
-    numTurns: safeNumber(resultLine.num_turns),
-    totalCostUsd: safeNumber(resultLine.total_cost_usd),
-    durationMs: safeNumber(resultLine.duration_ms),
-    model,
-    stopReason: safeString(resultLine.stop_reason),
-    usage: {
-      inputTokens: safeNumber(usage.input_tokens),
-      outputTokens: safeNumber(usage.output_tokens),
-      cacheReadInputTokens: safeNumber(usage.cache_read_input_tokens),
-      cacheCreationInputTokens: safeNumber(usage.cache_creation_input_tokens),
-    },
-    turns,
-  };
-}
-
-/**
- * Legacy: parse Claude Code plain JSON output (non-streaming).
- * Falls back when stream-json is not available.
- */
+/** Parse Claude Code JSON stdout (`claude -p --output-format json`). */
 export function parseClaudeCodeJsonOutput(stdout: string): ClaudeCodeParsedResult | null {
   let parsed: unknown;
   try {
@@ -174,7 +16,9 @@ export function parseClaudeCodeJsonOutput(stdout: string): ClaudeCodeParsedResul
     return null;
   }
 
-  if (!isRecord(parsed)) return null;
+  if (!isRecord(parsed)) {
+    return null;
+  }
 
   const sessionId = parsed.session_id;
   const result = parsed.result;
@@ -184,68 +28,44 @@ export function parseClaudeCodeJsonOutput(stdout: string): ClaudeCodeParsedResul
     return null;
   }
 
-  const usage = isRecord(parsed.usage) ? parsed.usage : {};
-
   return {
-    type: safeString(parsed.type, "result"),
+    type: typeof parsed.type === "string" ? parsed.type : "result",
     subtype: subtype as ClaudeCodeParsedResult["subtype"],
     result,
     sessionId,
-    numTurns: safeNumber(parsed.num_turns),
-    totalCostUsd: safeNumber(parsed.total_cost_usd),
-    durationMs: safeNumber(parsed.duration_ms),
-    model: "",
-    stopReason: safeString(parsed.stop_reason),
-    usage: {
-      inputTokens: safeNumber(usage.input_tokens),
-      outputTokens: safeNumber(usage.output_tokens),
-      cacheReadInputTokens: safeNumber(usage.cache_read_input_tokens),
-      cacheCreationInputTokens: safeNumber(usage.cache_creation_input_tokens),
-    },
-    turns: [],
+    numTurns: typeof parsed.num_turns === "number" ? parsed.num_turns : 0,
+    totalCostUsd: typeof parsed.total_cost_usd === "number" ? parsed.total_cost_usd : 0,
+    durationMs: typeof parsed.duration_ms === "number" ? parsed.duration_ms : 0,
   };
 }
 
 type ClaudeCodeSchemaHashes = {
   detail: string;
-  turn: string;
   rawOutput: string;
 };
 
 async function registerSchemas(store: Store): Promise<ClaudeCodeSchemaHashes> {
   await bootstrap(store);
-  const [detail, turn, rawOutput] = await Promise.all([
+  const [detail, rawOutput] = await Promise.all([
     putSchema(store, CLAUDE_CODE_DETAIL_SCHEMA),
-    putSchema(store, CLAUDE_CODE_TURN_SCHEMA),
     putSchema(store, CLAUDE_CODE_RAW_OUTPUT_SCHEMA),
   ]);
-  return { detail, turn, rawOutput };
+  return { detail, rawOutput };
 }
 
-/** Store parsed Claude Code result with per-turn breakdown as CAS detail nodes. */
+/** Store parsed Claude Code result as a CAS detail node. */
 export async function storeClaudeCodeDetail(
   store: Store,
   parsed: ClaudeCodeParsedResult,
 ): Promise<{ detailHash: string; output: string; sessionId: string }> {
   const schemas = await registerSchemas(store);
 
-  // Store each turn as an individual CAS node
-  const turnHashes: string[] = [];
-  for (const turn of parsed.turns) {
-    const hash = await store.put(schemas.turn, turn);
-    turnHashes.push(hash);
-  }
-
   const detail: ClaudeCodeDetailPayload = {
     sessionId: parsed.sessionId,
-    model: parsed.model,
-    subtype: parsed.subtype,
-    durationMs: parsed.durationMs,
     numTurns: parsed.numTurns,
     totalCostUsd: parsed.totalCostUsd,
-    stopReason: parsed.stopReason,
-    usage: parsed.usage,
-    turns: turnHashes,
+    durationMs: parsed.durationMs,
+    subtype: parsed.subtype,
   };
 
   const detailHash = await store.put(schemas.detail, detail);

packages/workflow-agent-claude-code/src/types.ts

@@ -1,38 +1,5 @@
 export type ClaudeCodeResultSubtype = "success" | "error_max_turns" | "error_budget";
 
-/** A single tool call within an assistant turn. */
-export type ClaudeCodeToolCall = {
-  name: string;
-  input: string;
-};
-
-/** A single turn (assistant text, tool use, or tool result). */
-export type ClaudeCodeTurnPayload = {
-  index: number;
-  role: "assistant" | "tool_result";
-  content: string;
-  toolCalls: ClaudeCodeToolCall[] | null;
-};
-
-/** Top-level detail stored as CAS node. */
-export type ClaudeCodeDetailPayload = {
-  sessionId: string;
-  model: string;
-  subtype: string;
-  durationMs: number;
-  numTurns: number;
-  totalCostUsd: number;
-  stopReason: string;
-  usage: {
-    inputTokens: number;
-    outputTokens: number;
-    cacheReadInputTokens: number;
-    cacheCreationInputTokens: number;
-  };
-  turns: string[]; // CAS hashes of ClaudeCodeTurnPayload
-};
-
-/** Intermediate parsed result from stream-json output. */
 export type ClaudeCodeParsedResult = {
   type: string;
   subtype: ClaudeCodeResultSubtype;
@@ -41,13 +8,12 @@ export type ClaudeCodeParsedResult = {
   numTurns: number;
   totalCostUsd: number;
   durationMs: number;
-  model: string;
-  stopReason: string;
-  usage: {
-    inputTokens: number;
-    outputTokens: number;
-    cacheReadInputTokens: number;
-    cacheCreationInputTokens: number;
-  };
-  turns: ClaudeCodeTurnPayload[];
+};
+
+export type ClaudeCodeDetailPayload = {
+  sessionId: string;
+  numTurns: number;
+  totalCostUsd: number;
+  durationMs: number;
+  subtype: string;
 };

packages/workflow-agent-hermes/src/session-cache.ts

@@ -1,17 +1,70 @@
-// Re-export session cache from the shared agent-kit package.
-export { getCachedSessionId, setCachedSessionId } from "@uncaged/workflow-agent-kit";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+
+import { resolveStorageRoot } from "@uncaged/workflow-agent-kit";
+import type { ThreadId } from "@uncaged/workflow-protocol";
+
+type HermesSessionCache = Record<string, string>;
+
+function getCachePath(): string {
+  return join(resolveStorageRoot(), "cache", "hermes-sessions.json");
+}
+
+function cacheKey(threadId: ThreadId, role: string): string {
+  return `${threadId}:${role}`;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+
+async function readCache(): Promise<HermesSessionCache> {
+  const path = getCachePath();
+  try {
+    const text = await readFile(path, "utf8");
+    const raw = JSON.parse(text) as unknown;
+    if (!isRecord(raw)) {
+      return {};
+    }
+    const cache: HermesSessionCache = {};
+    for (const [key, value] of Object.entries(raw)) {
+      if (typeof value === "string" && value !== "") {
+        cache[key] = value;
+      }
+    }
+    return cache;
+  } catch (e) {
+    const err = e as NodeJS.ErrnoException;
+    if (err.code === "ENOENT") {
+      return {};
+    }
+    throw e;
+  }
+}
+
+async function writeCache(cache: HermesSessionCache): Promise<void> {
+  const path = getCachePath();
+  await mkdir(dirname(path), { recursive: true });
+  await writeFile(path, `${JSON.stringify(cache, null, 2)}\n`, "utf8");
+}
 
 export function isResumeDisabled(): boolean {
-  // Hermes ACP session/resume is broken: _restore fails for custom providers
-  // because resolve_runtime_provider("custom") throws and base_url/api_mode
-  // are lost in the fallback path.  Resume silently creates a new session
-  // (different sessionId, no history), causing empty-text responses.
-  // See: https://github.com/NousResearch/hermes-agent/issues/13489
-  // Disable by default until upstream fixes the bug.  Set UWF_HERMES_RESUME=1
-  // to opt back in.
-  const enableFlag = process.env.UWF_HERMES_RESUME;
-  if (enableFlag === "1" || enableFlag === "true") {
-    return false;
-  }
-  return true;
+  const flag = process.env.UWF_NO_RESUME;
+  return flag !== undefined && flag !== "";
+}
+
+export async function getCachedSessionId(threadId: ThreadId, role: string): Promise<string | null> {
+  const cache = await readCache();
+  const sessionId = cache[cacheKey(threadId, role)];
+  return sessionId ?? null;
+}
+
+export async function setCachedSessionId(
+  threadId: ThreadId,
+  role: string,
+  sessionId: string,
+): Promise<void> {
+  const cache = await readCache();
+  cache[cacheKey(threadId, role)] = sessionId;
+  await writeCache(cache);
 }

packages/workflow-agent-kit/src/index.ts

@@ -13,7 +13,6 @@ export type { FrontmatterFastPathResult } from "./frontmatter.js";
 export { tryFrontmatterFastPath } from "./frontmatter.js";
 export { createAgent } from "./run.js";
 export { getConfigPath, getEnvPath, loadWorkflowConfig, resolveStorageRoot } from "./storage.js";
-export { getCachedSessionId, setCachedSessionId } from "./session-cache.js";
 export type {
   AgentContext,
   AgentContinueFn,

packages/workflow-agent-kit/src/session-cache.ts

@@ -1,75 +0,0 @@
-import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
-import { randomBytes } from "node:crypto";
-import { dirname, join } from "node:path";
-
-import type { ThreadId } from "@uncaged/workflow-protocol";
-
-import { resolveStorageRoot } from "./storage.js";
-
-type SessionCache = Record<string, string>;
-
-function getCachePath(): string {
-  return join(resolveStorageRoot(), "cache", "agent-sessions.json");
-}
-
-function cacheKey(threadId: ThreadId, role: string): string {
-  return `${threadId}:${role}`;
-}
-
-function isRecord(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-async function readCache(): Promise<SessionCache> {
-  const path = getCachePath();
-  try {
-    const text = await readFile(path, "utf8");
-    const raw = JSON.parse(text) as unknown;
-    if (!isRecord(raw)) {
-      return {};
-    }
-    const cache: SessionCache = {};
-    for (const [key, value] of Object.entries(raw)) {
-      if (typeof value === "string" && value !== "") {
-        cache[key] = value;
-      }
-    }
-    return cache;
-  } catch (e) {
-    const err = e as NodeJS.ErrnoException;
-    if (err.code === "ENOENT") {
-      return {};
-    }
-    throw e;
-  }
-}
-
-async function writeCache(cache: SessionCache): Promise<void> {
-  const path = getCachePath();
-  const dir = dirname(path);
-  await mkdir(dir, { recursive: true });
-  // Atomic write: write to temp file then rename to avoid partial reads on concurrent access.
-  // NOTE: Current workflow execution is serial (execFileSync), so true concurrency doesn't occur.
-  // This is a safety net for future parallel execution.
-  const tmpPath = join(dir, `.agent-sessions.${randomBytes(4).toString("hex")}.tmp`);
-  await writeFile(tmpPath, `${JSON.stringify(cache, null, 2)}\n`, "utf8");
-  await rename(tmpPath, path);
-}
-
-/** Read the cached session ID for a thread+role pair. */
-export async function getCachedSessionId(threadId: ThreadId, role: string): Promise<string | null> {
-  const cache = await readCache();
-  const sessionId = cache[cacheKey(threadId, role)];
-  return sessionId ?? null;
-}
-
-/** Write the session ID for a thread+role pair into the cache. */
-export async function setCachedSessionId(
-  threadId: ThreadId,
-  role: string,
-  sessionId: string,
-): Promise<void> {
-  const cache = await readCache();
-  cache[cacheKey(threadId, role)] = sessionId;
-  await writeCache(cache);
-}